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AMENDMENTS TO CLAIMS 

A complete listing of all claims is presented below with insertions underlined (e.g., 
insertion ), and deletions struckthrough or in double brackets (e.g., deletion or [[deletion]]): 

{el} Claim 1 . (Currently amended) A method of sharing a state between stateful firewalls on a 
multiple entry/exit point (MEP) network for data exchange between a server and a client through 
firewalls physically remote from each other, comprising the steps of: 

(a) one of the firewalls receiving an SYN packet sent from the client to the server. 
wherein the firewalls share a synchronized time counter, which is increased at regular intervals, 
and a same secret key, wherein the SYN packet comprises an Initial Sequence Number (1SN) : 

(b) the firewall creating a modified SYN cookie (hereinafter referred to as an m.SYN 
cookie), modifying the SYN packet using the m.SYN cookie and sending the SYN packet to the 
server, and the server sending a SYN/ACK packet to the client in response to the SYN packet^ 
wherein the m.SYN cookie comprises upper bits of the ISN of the SYN packet, bits of time 
indicated by the time counter of the firewall, which creates the m.SYN cookie, at a time of 
creation of the m.SYN cookie, bits of an output value of a hash function, and at least some bits of 
the time indicated by the time counter of the firewall, wherein the hash function comprises 
variables for a secret key, a source address, a source port number, a destination address, a 
destination port number, at least some partial bits of the ISN, a time indicated by the time counter 
of the firewall, which creates the m.SYN cookie, at the time of creation of the m.SYN cookie : 

(c) the firewall, which has received the SYN/ACK packet, extracting a firewall identifier 
IDfw from the SYN/ACK packet and sending the SYN/ACK packet to a corresponding one of the 
firewalls, the corresponding firewall searching a state table for connection information and 
sending the connection information, together with the SYN/ACK packet, to the firewall, which 
has received the SYN/ACK packet; and 

(d) the firewall, which has re-received the SYN/ACK packet, updating the state table, 
changing an acknowledgement number of the SYN/ACK packet to an Initial Sequence Number 
(ISN C )+1, and sending the SYN/ACK packet to the client. 

fe24 Claim 2. (Canceled) 
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fe3} Claim 3. (Currently amended) The method as set forth in claim 1 , wherein the state table 
includes a difference between the ISN and the m.SYN cookie, and connection information, 
including a source address, a destination address, a protocol, a source port and a destination port 
number of the packet. 

{e4} Claim 4. (Currently amended) The method as set forth in claim 1 , where step (a) further 
comprises the step of: 

the firewall, which has received the SYN packet, inspecting the SYN packet according to 
a preset firewall rule, and performing step (b) if a current connection is a permitted connection, 
or discarding the SYN packet if the current connection is not the permitted connection. 

fe$4 Claim 5. (Canceled) 

fe6} Claim 6. (Currently amended) The method as set forth in claim 2. wherein the m.SYN 
cookie includes ISN 17, T 0 and Hash| 3 +IDf W , ISN| 7 being determined by upper 17 bits of the ISN 
of the SYN packet. To being determined by least significant two bits of time indicated by the time 
counter of the firewall, which creates the m.SYN cookie, at the time of creation of the m.SYN 
cookie, Hash 13 being determined by the following Equation: 

Hashi3=Hash(k, sa, sp, da, dp, time or g, ISN C »1 5)%2 A 1 3 

where Hash( ) is an output value of a hash function, k is a secret key, sa is a source 
address, sp is a source port number, da is a destination address, dp is a destination port number. 
ISNc»l 5 is a value obtained by eliminating lower 15 bits from ISN C , Hash( )%2 A 13 is a value of 
lower 13 bits of the output value of the hash function, time 0f g is time indicated by the time 
counter of the firewall, which creates the m.SYN cookie, at the time of creation of the m.SYN 
cookie. 

{e7} Claim 7. (Currently amended) The method as set forth in claim 1 , wherein step (b) is 
performed in such a way that the ISN of the SYN packet is replaced with the created m.SYN 
cookie, and the connection information including the difference between the ISN and the m.SYN 
cookie is stored in the state table of the firewall. 
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{e8} Claim 8. (Currently amended) The method as set forth in claim 1, wherein step (c) further 
comprises the steps of: 

(cl) extracting the ID^ V from the SYN/ACK packet; 

(c2) verifying whether the extracted IDf* is valid; 

(c3) comparing the ID^, winch is verified to be valid at step (c2), with an ID ftv of the 
firewall, which has received the SYN/ACK packet: and 

(c4) if, as a result of the comparison at step (c3), the two ID tw s are identical with each 
other, searching the state table of the firewall that has received the SYN/ACK packet and 
modifying the state table and the SYN/ACK packet, or if the ID^s are different from each other, 
sending the SYN/ACK packet to the firewall corresponding to the extracted IDf w . 

{e9} Claim 9. (Currently amended) The method as set forth in claim 8, wherein step (cl) is 
performed in such a way that the m.SYN cookie included in the SYN/ACK packet is extracted, 
and the IDf W is extracted from the m.SYN cookie using the following equationsv 
IDftv =(SC-Hash(k, sa, sp, da, dp, time in p U t, SC»1 5))%2 A 1 3 

where SC is the m.SYN cookie included in the SYN/ACK packet, Hash( ) is an output 
value of a hash function, k is a secret key. sa is a source address, sp is a source port number, da is 
a destination address, dp is a destination port number, timei npu t is time obtained using the 
following Equation. SC»15 is a value obtained by eliminating lower 15 bits from the SC. and 
( )%2 A 13 is a value of lower 13 bits of the value of ( ) 

timei n p U t=time curr +l((time curr +l-T 0 ) mod 4) 

where time curT is the time indicated by the time counter of the firewall, which verifies the 
extracted m.SYN cookie, at the time of verification of the extracted m.SYN cookie, and T 0 is the 
least significant two bits of time indicated by the time counter of the firewall, which creates the 
m.SYN cookie, at the time of creation of the m.SYN cookie. 

[clQ] Claim 10. (Currently amended) The method as set forth in claim 8. wherein step 
(c2) is performed in such a way as to compare the extracted IDt\ v with a preset maximum IDf\ v , 
and if the extracted lDf w is not larger than the preset maximum ID tw , verifying the extracted IDa v 
to be valid, or if the extracted ID tw is larger than the preset maximum IDfw, verifying the 
extracted ID t \ v to be invalid. 
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